CVE-2026-44420 - FreeRDP cliprdr server heap-buffer-overflow via undersized capabilitySetLength in CB_CLIP_CAPS

CVE ID :CVE-2026-44420 Published : May 29, 2026, 8:16 p.m. | 2 hours, 8 minutes ago Description :FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...